General
- Target: ba8ce58efa9742a2f5639697449cf1b3394c40bc74dee3235fa81865a8dae2e0N.exe
- Size: 962KB
- Sample: 250201-vwv44aslbx
- MD5: 2626b7755d40d743f55c7580a1beb8b0
- SHA1: e3771299ec9da3c6ed2ee23ebf509e08fbd1237f
- SHA256: ba8ce58efa9742a2f5639697449cf1b3394c40bc74dee3235fa81865a8dae2e0
- SHA512: 1a5df2f2c182601716575f12ea0bc6a677500e9c8a962b442bd1d31c35a6a287c790061b2071ffac31ebf94a138b0e3d6c8ef53b0cd424faa5a7e63259732e05
- SSDEEP: 24576:Jt24wfvf7a8DPw67oc1xuzoVF5r5QAwFv0XcI:1ef7aD6Ffuw7B2fI
Static task
- static1

Behavioral task
- behavioral1
- Sample: ba8ce58efa9742a2f5639697449cf1b3394c40bc74dee3235fa81865a8dae2e0N.exe
- Resource: win7-20241010-en

Behavioral task
- behavioral2
- Sample: ba8ce58efa9742a2f5639697449cf1b3394c40bc74dee3235fa81865a8dae2e0N.exe
- Resource: win10v2004-20250129-en
Malware Config

Targets
- Target: ba8ce58efa9742a2f5639697449cf1b3394c40bc74dee3235fa81865a8dae2e0N.exe
- ISR Stealer: ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
- ISR Stealer payload
- Isrstealer family
- Modifies visibility of hidden/system files in Explorer
- Detected Nirsoft tools: free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView: password recovery tool for various email clients
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Checks whether UAC is enabled
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
- Defense Evasion
  - Hide Artifacts (1)
    - Hidden Files and Directories (1)
  - Modify Registry (2)